All three flaws related to giving an attacker a route to bypass the lock screen function to gain access to the phone user's private data. As more consumers use their personal iPhones for work, companies are moving to impose security policies, such as mandatory use of the lock screen function that requires users to enter a password. But hackers are discovering more ways to bypass these security measures.

Apple's scramble to deal with this underscores how cyber criminals are not entirely ignoring the iPhone, despite the deluge of probing and attacks on Android smartphones and tablets. USA TODAY tapped Giri Sreenivas, Rapid7's vice president and general manager of mobile, for context.

Q: What is the core problem?

Sreenivas: Security vulnerabilities are being discovered that evade the security policies created for mobile devices. For example, this week Apple updated its iOS software with a security fix for a lockscreen bypass flaw. Apple's update was aimed at solving two bypass flaws that were discovered, however just a day after the patch was released there was news that yet another bypass flaw had been discovered targeting iPhone 4 devices.

By initiating an emergency call through the lock screen and timing a sequence of malicious actions, an attacker can skip entering a password and gain access to use the phone. Once they have bypassed the password security measures in place, they can access any data stored on the device including emails, contact information and photos. The attackers will also be able to place calls using the phone, which could lead to the potential for astronomical phone bills due to long distance charges.

Q: Who should be concerned about this?

Sreenivas: Consumers and business should be very concerned about these mobile security vulnerabilities. It is becoming increasingly common for mobile devices to be lost or stolen. Most companies regard lost or stolen devices as the top threat to their data from mobile devices. A password is typically required to unlock these devices to protect users' sensitive data from threats. For consumers and businesses relying on this security measure, there will be a heightened need to be vigilant to protect the devices from these potential attacks.

Q: To what extent are bad guys moving to exploit this?

Sreenivas: Given the ease with which anyone can search for bypass techniques on YouTube, this is a real risk that smartphone and tablet owners should be concerned about.

Q: What's the larger lesson here?

Sreenivas: The critical lesson here is that while security policies like requiring passwords to unlock devices are a good practice, it's important to be aware of security vulnerabilities that can be exploited to bypass these security controls. Most importantly, keeping your devices updated to the latest version of firmware will typically address these security vulnerabilities and keep your device from being exploited if it is lost or stolen.

Q: Anything else?

Sreenivas: Update, update, update. Simply updating devices to the latest version of firmware can go a long way in protecting devices from these types of attacks.